Packets may be received by a packet security gateway. Responsive to a determination that an overload condition has occurred in one or more networks associated with the packet security gateway, a first group of packet filtering rules may be applied to at least some of the packets. Applying the first group of packet filtering rules may include allowing at least a first portion of the packets to continue toward their respective destinations. Responsive to a determination that the overload condition has been mitigated, a second group of packet filtering rules may be applied to at least some of the packets. Applying the second group of packet filtering rules may include allowing at least a second portion of the packets to continue toward their respective destinations.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for use in a plurality of packet-filtering devices that interface, at peering points, with a plurality of different, separately administered, autonomous system networks, wherein the method comprises, by each respective packet-filtering device: receiving, from a policy management server via a management network, a first group of packet filtering rules and a second group of packet filtering rules, wherein the management network is out-of-band relative to a first network; receiving, from the policy management server via the management network and based on a first determination that an overload condition has occurred on the first network, a first indication to apply the first group of packet filtering rules; receiving a plurality of packets via the first network; applying, to at least some packets of the plurality of packets and based on the first indication to apply the first group of packet filtering rules, the first group of packet filtering rules, wherein: the first group of packet filtering rules indicate whether a first set of packets that match at least one of the first group of packet filtering rules are to be blocked or allowed to continue toward their respective destinations, and the applying the first group of packet filtering rules comprises blocking at least a first portion of the plurality of packets from a plurality of users that fall within the first set of packets from continuing toward their respective destinations; receiving, from the policy management server via the management network and based on a second determination that the overload condition has been mitigated to a first degree, a second indication to apply the second group of packet filtering rules; applying, to at least some of the plurality of packets and based on the second indication to apply the second group of packet filtering rules, the second group of packet filtering rules, wherein: the second group of packet filtering rules indicate whether a second set of packets comprising data for at least one Internet-based application and that match at least one of the second group of packet filtering rules are to be blocked or allowed to continue toward their respective destinations, and the applying the second group of packet filtering rules comprises allowing at least a second portion of the plurality of packets that fall within the second set of packets comprising data for the at least one Internet-based application and that match at least one of the second group of packet filtering rules to continue toward their respective destinations; receiving, based on an identification of one or more sources of the overload condition, a third group of packet filtering rules; and applying, to at least some of the plurality of packets and based on the identification of the one or more sources of the overload condition, the third group of packet filtering rules.
2. The method of claim 1, further comprising: receiving, from the policy management server via the management network and based on a third determination that the overload condition has been mitigated to a second degree, a third indication to apply a fourth group of packet filtering rules; applying, to at least some of the plurality of packets and based on the third indication to apply the fourth group of packet filtering rules, the fourth group of packet filtering rules, wherein: the fourth group of packet filtering rules indicate whether a third set of packets are to be blocked or allowed to continue toward their respective destinations, and applying the fourth group of packet filtering rules comprises allowing at least a third portion of the plurality of packets that fall within the third set of packets and that match at least one of the fourth group of packet filtering rules to continue toward their respective destinations.
3. The method of claim 1, wherein: the first group of packet filtering rules comprises a plurality of packet filtering rules arranged in an ordered listing, each packet filtering rule of the plurality of packet filtering rules comprises a five-tuple indicating whether a particular packet is to be blocked or allowed to continue, the applying the first group of packet filtering rules further comprises applying each packet filtering rule of the plurality of packet filtering rules to the first set of packets, and each packet filtering rule of the plurality of packet filtering rules is applied in an order of appearance in the ordered listing.
4. The method of claim 1, further comprising: determining, from amongst the plurality of packets, a set of packets comprising gateway protocol data, wherein: one or more five-tuples indicating whether the first set of packets is to be blocked or allowed to continue toward their respective destinations indicate that the set of packets comprising gateway protocol data is to be allowed to continue toward their respective destinations, and the applying the first group of packet filtering rules comprises allowing the set of packets comprising gateway protocol data to continue toward their respective destinations.
5. The method of claim 4, wherein the determining the set of packets comprising gateway protocol data comprises determining one or more packets comprising border gateway protocol (BGP) data.
6. The method of claim 1, further comprising: determining, from amongst the plurality of packets, a set of packets comprising domain name system (DNS) data, wherein: one or more five-tuples indicating whether the first set of packets is to be blocked or allowed to continue toward their respective destinations indicate that the set of packets comprising DNS data is to be allowed to continue toward their respective destinations, and the applying the first group of packet filtering rules comprises allowing the set of packets comprising DNS data to continue toward their respective destinations.
7. The method of claim 1, further comprising: determining, from amongst the plurality of packets, a set of packets comprising network time protocol (NTP) data, wherein: one or more five-tuples indicating whether the first set of packets is to be blocked or allowed to continue toward their respective destinations indicate that the set of packets comprising NTP data is to be allowed to continue toward their respective destinations, and the applying the first group of packet filtering rules comprises allowing the set of packets comprising NTP data to continue toward their respective destinations.
8. The method of claim 1, further comprising: determining, from amongst the plurality of packets, a set of packets comprising one or more of telephony data, web based service data, or text messaging data, wherein: one or more five-tuples indicating whether the second set of packets is to be blocked or allowed to continue toward their respective destinations indicate that the set of packets comprising the one or more of the telephony data, the web based service data, or the text messaging data is to be allowed to continue toward their respective destinations, and the applying the second group of packet filtering rules comprises allowing the set of packets comprising the one or more of the telephony data, the web based service data, or the text messaging data to continue toward their respective destinations.
9. The method of claim 8, wherein the determining the set of packets comprising the one or more of the telephony data, the web based service data, or the text messaging data comprises: determining that the set of packets comprising the one or more of the telephony data, the web based service data, or the text messaging data is associated with the at least one Internet-based application.
10. The method of claim 1, wherein the first network comprises the Internet, the method further comprising allowing a plurality of packets from a plurality of required users to continue toward their respective destinations including traversing the Internet.
11. A system comprising: a policy management server; and a plurality of packet-filtering devices interfacing, at peering points, a plurality of different, separately administered, autonomous system networks, wherein each packet-filtering device of the plurality of packet-filtering devices comprises: at least one processor; and memory storing instructions that, when executed by the at least one processor, cause the packet-filtering device to: receive, from the policy management server via a management network, a first group of packet filtering rules and a second group of packet filtering rules, wherein the management network is out-of-band relative to a first network; receive a plurality of packets via the first network; determine that an overload condition has occurred on the first network; receive, from the policy management server via the management network and in response to determining that the overload condition has occurred on the first network, a first indication to apply the first group of packet filtering rules; apply, to at least some of the plurality of packets and based on the first indication to apply the first group of packet filtering rules, the first group of packet filtering rules that comprise at least one five-tuple, wherein: the first group of packet filtering rules indicate whether a first set of packets that match the first group of packet filtering rules are to be blocked or allowed to continue toward their respective destinations, and applying the first group of packet filtering rules comprises blocking at least a first portion of the plurality of packets from a plurality of first users that fall within the first set of packets and that match at least one of the first group of packet filtering rules from continuing toward their respective destinations; forward a plurality of packets from a plurality of second users toward their respective destinations; determine that the overload condition has been mitigated to a first degree; receive, from the policy management server via the management network and in response to determining that the overload condition has been mitigated to the first degree, a second indication to apply the second group of packet filtering rules; apply, to at least some of the plurality of packets and based on the second indication to apply the second group of packet filtering rules, the second group of packet filtering rules, wherein: the second group of packet filtering rules indicate whether a second set of packets comprising data for at least one Internet-based application and that match at least one of the second group of packet filtering rules are to be blocked or allowed to continue toward their respective destinations, and the second group of packet filtering rules is less restrictive than the first group of packet filtering rules; forward at least a second portion of the plurality of packets that fall within the second set of packets comprising data for the at least one Internet-based application and that match at least one of the second group of packet filtering rules toward their respective destinations; receive, based on an identification of one or more sources of the overload condition, a third group of packet filtering rules; and apply, to at least some of the plurality of packets and based on the identification of the one or more sources of the overload condition, the third group of packet filtering rules.
12. The system of claim 11, wherein the memory further stores instructions that, when executed by the at least one processor, cause the packet-filtering device to: determine that the overload condition has been mitigated to a second degree; receive, from the policy management server via the management network and in response to determining that the overload condition has been mitigated to the second degree, a third indication to apply a fourth group of packet filtering rules; apply, to at least some of the plurality of packets and based on the third indication to apply the fourth group of packet filtering rules, the fourth group of packet filtering rules, wherein: the fourth group of packet filtering rules indicate whether a third set of packets that match at least one of the fourth group of packet filtering rules are to be blocked or allowed to continue toward their respective destinations, the second degree is a greater degree of mitigation than the first degree, and the fourth group of packet filtering rules is less restrictive than the second group of packet filtering rules; and forward at least a third portion of the plurality of packets that fall within the third set of packets and that match at least one of the fourth group of packet filtering rules toward their respective destinations.
13. The system of claim 11, wherein the memory further stores instructions that, when executed by the at least one processor, cause the packet-filtering device to: determine, from amongst the plurality of packets, a set of packets comprising one or more of telephony data, web based service data, or text messaging data, wherein one or more five-tuples indicate whether the set of packets is to be blocked or allowed to continue toward their respective destinations; and forward, based on a determination that the set of packets are allowed to continue toward their respective destinations, the set of packets comprising the one or more of the telephony data, the web based service data, or the text messaging data toward their respective destinations.
14. The system of claim 13, wherein the determination that the set of packets are allowed to continue toward their respective destinations comprises: determining that the set of packets comprising the one or more of the telephony data, the web based service data, or the text messaging data is associated with the at least one Internet-based application.
15. The system of claim 11, wherein: the first network comprises the Internet; and the forwarding the plurality of packets from the plurality of second users toward their respective destinations comprises allowing the plurality of packets from the plurality of second users to traverse the Internet.
16. One or more non-transitory computer-readable media having instructions stored thereon that, when executed by each packet-filtering device of a plurality of packet-filtering devices interfacing, at peering points, a plurality of different, separately administered, autonomous system networks, cause the packet-filtering device to: receive, from a policy management server via a management network, a first group of packet filtering rules and a second group of packet filtering rules, wherein the management network is out-of-band relative to a first network; receive a plurality of packets via the first network; determine that an overload condition has occurred on the first network; receive, from the policy management server via the management network and in response to determining that the overload condition has occurred on the first network, a first indication to apply the first group of packet filtering rules; apply, to at least some of the plurality of packets and based on the first indication to apply the first group of packet filtering rules, the first group of packet filtering rules, wherein: the first group of packet filtering rules indicate whether a first set of packets that match at least one of the first group of packet filtering rules are to be blocked or allowed to continue toward their respective destinations, and applying the first group of packet filtering rules comprises blocking at least a first portion of the plurality of packets from a plurality of first users that fall within the first set of packets from continuing toward their respective destinations; forward a plurality of packets from a plurality of second users toward their respective destinations; determine that the overload condition has been mitigated to a first degree; receive, from the policy management server via the management network and in response to determining that the overload condition has been mitigated to the first degree, a second indication to apply the second group of packet filtering rules; apply, to at least some of the plurality of packets and based on the second indication to apply the second group of packet filtering rules, the second group of packet filtering rules, wherein: the second group of packet filtering rules indicate whether a second set of packets comprising data for at least one Internet-based application and that match at least one of the second group of packet filtering rules are to be blocked or allowed to continue toward their respective destinations, and the second group of packet filtering rules is less restrictive than the first group of packet filtering rules; forward at least a second portion of the plurality of packets that fall within the second set of packets comprising data for the at least one Internet-based application and that match at least one of the second group of packet filtering rules toward their respective destinations; receive, based on an identification of one or more sources of the overload condition, a third group of packet filtering rules; and apply, to at least some of the plurality of packets and based on the identification of the one or more sources of the overload condition, the third group of packet filtering rules.
17. The one or more non-transitory computer-readable media of claim 16, having further instructions stored thereon that, when executed by each packet-filtering device of the plurality of packet-filtering devices, cause the packet-filtering device to: determine that the overload condition has been mitigated to a second degree; receive, from the policy management server via the management network and in response to determining that the overload condition has been mitigated to the second degree, a third indication to apply a fourth group of packet filtering rules; apply, to at least some of the plurality of packets and based on the third indication to apply the fourth group of packet filtering rules, the fourth group of packet filtering rules, wherein: the fourth group of packet filtering rules indicate whether a third set of packets that match at least one of the fourth group of packet filtering rules are to be blocked or allowed to continue toward their respective destinations, the second degree is a greater degree of mitigation than the first degree, and the fourth group of packet filtering rules is less restrictive than the second group of packet filtering rules; and forward at least a third portion of the plurality of packets that fall within the third set of packets and that match at least one of the fourth group of packet filtering rules toward their respective destinations.
18. The one or more non-transitory computer-readable media of claim 16, having further instructions stored thereon that, when executed by each packet-filtering device of the plurality of packet-filtering devices, cause the packet-filtering device to: determine, from amongst the plurality of packets, a set of packets comprising one or more of telephony data, web based service data, or text messaging data, wherein one or more five-tuples indicate whether the set of packets is to be blocked or allowed to continue toward their respective destinations; and forward, based on a determination that the set of packets are allowed to continue toward their respective destinations, the set of packets comprising the one or more of the telephony data, the web based service data, or the text messaging data toward their respective destinations.
19. The one or more non-transitory computer-readable media of claim 18, wherein the determination that the set of packets are allowed to continue toward their respective destinations comprises: determining that the set of packets comprising the one or more of the telephony data, the web based service data, or the text messaging data is associated with the at least one Internet-based application.
20. The one or more non-transitory computer-readable media of claim 16, wherein: the first network comprises the Internet; and the forwarding of the plurality of packets from the plurality of second users toward their respective destinations comprises allowing the plurality of packets from the plurality of second users to traverse the Internet.
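The staged filtering that the abstract and claims describe, as an added example that is not part of the patent or of any product implementing it: ordered five-tuple rule groups whose active group follows the policy server's indications, with control-plane protocols (BGP, DNS, NTP) kept during overload, a less restrictive group once the overload is mitigated to a first degree, and source-specific blocks once overload sources are identified. The rule contents, ports, addresses and the `Gateway` class are constructed assumptions, not values from the patent.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    """Five-tuple match (CIDR or host for addresses, None = wildcard) plus a verdict."""
    src: Optional[str]
    dst: Optional[str]
    proto: Optional[str]
    sport: Optional[int]
    dport: Optional[int]
    allow: bool

    def matches(self, p: Packet) -> bool:
        return all([
            self.src is None or ip_address(p.src) in ip_network(self.src),
            self.dst is None or ip_address(p.dst) in ip_network(self.dst),
            self.proto is None or self.proto == p.proto,
            self.sport is None or self.sport == p.sport,
            self.dport is None or self.dport == p.dport,
        ])

def apply_rules(rules: List[Rule], p: Packet, default: bool) -> bool:
    """First matching rule in order of appearance decides (claim 3); else default."""
    for r in rules:
        if r.matches(p):
            return r.allow
    return default

ANY = None
# Constructed rule groups; ports and addresses are assumptions, not from the patent.
GROUP_OVERLOAD = [   # group 1: keep only control-plane traffic (claims 4-7)
    Rule(ANY, ANY, "tcp", ANY, 179, True),  # BGP
    Rule(ANY, ANY, "udp", ANY, 53, True),   # DNS
    Rule(ANY, ANY, "udp", ANY, 123, True),  # NTP
    Rule(ANY, ANY, ANY, ANY, ANY, False),   # everything else blocked
]
GROUP_MITIGATED = [  # group 2: less restrictive, a web service is allowed too (claim 8)
    Rule(ANY, ANY, "tcp", ANY, 443, True),
] + GROUP_OVERLOAD
GROUP_SOURCES = [    # group 3: block an identified overload source (constructed prefix)
    Rule("198.51.100.0/24", ANY, ANY, ANY, ANY, False),
]

class Gateway:
    """Packet-filtering device; the active group follows the policy server's indication."""
    def __init__(self) -> None:
        self.active: List[Rule] = []        # empty group: normal operation, allow all
        self.source_rules: List[Rule] = []  # applied once overload sources are identified

    def indicate(self, group: List[Rule]) -> None:
        self.active = group

    def filter(self, p: Packet) -> bool:
        """True if the packet may continue toward its destination."""
        if not apply_rules(self.source_rules, p, default=True):
            return False
        return apply_rules(self.active, p, default=True)
```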
June 19, 2015
December 8, 2020